4 Certificate authentication

Certificates are the best-known authentication method in TLS.
The PKIX [PKIX] public key infrastructure is used daily by anyone
using a browser today. GnuTLS supports both
X.509 certificates [PKIX] and OpenPGP
certificates using a common API.

The key exchange algorithms supported by certificate authentication are
shown in Table 4.1.

| Key exchange | Description |
|--------------|-------------|
| RSA | The RSA algorithm is used to encrypt a key and send it to the peer. The certificate must allow the key to be used for encryption. |
| RSA_EXPORT | The RSA algorithm is used to encrypt a key and send it to the peer. In the EXPORT algorithm, the server signs temporary RSA parameters of 512 bits, which are considered weak, and sends them to the client. |
| DHE_RSA | The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters which are sent to the peer. The certificate must allow the key to be used for signing. Note that key exchange algorithms which use ephemeral Diffie-Hellman parameters offer perfect forward secrecy. That means that even if the private key used for signing is compromised, it cannot be used to reveal past session data. |
| ECDHE_RSA | The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman parameters which are sent to the peer. The certificate must allow the key to be used for signing. It also offers perfect forward secrecy. That means that even if the private key used for signing is compromised, it cannot be used to reveal past session data. |
| DHE_DSS | The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters which are sent to the peer. The certificate must contain DSA parameters to use this key exchange algorithm. DSA is the algorithm of the Digital Signature Standard (DSS). |
| ECDHE_ECDSA | The elliptic curve DSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman parameters which are sent to the peer. The certificate must contain ECDSA parameters to use this key exchange algorithm. |
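
The constraints in Table 4.1 can be written as a check that decides which key exchanges a given certificate can serve. This is an added example, not GnuTLS code and not a use of the GnuTLS API: all type and function names are hypothetical, and the certificate is a constructed two-field model. It assumes a signing use for RSA_EXPORT, DHE_DSS and ECDHE_ECDSA (inferred from the descriptions), and refusing the weak RSA_EXPORT outright is a policy choice of the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a certificate: key type plus permitted key uses. */
enum pk { PK_RSA, PK_DSA, PK_ECDSA };
enum { USE_SIGN = 1, USE_ENCRYPT = 2 };
struct cert { enum pk pk; unsigned usage; };
enum kx_status { KX_OK, KX_UNKNOWN, KX_WEAK, KX_NO_PFS, KX_WRONG_KEY, KX_BAD_USAGE };

/* One row per key exchange in Table 4.1 (signing use is assumed where not stated). */
static const struct rule { const char *name; enum pk pk; unsigned need; bool pfs, weak; }
rules[] = {
    { "RSA",         PK_RSA,   USE_ENCRYPT, false, false },
    { "RSA_EXPORT",  PK_RSA,   USE_SIGN,    false, true  }, /* 512-bit temporary key */
    { "DHE_RSA",     PK_RSA,   USE_SIGN,    true,  false },
    { "ECDHE_RSA",   PK_RSA,   USE_SIGN,    true,  false },
    { "DHE_DSS",     PK_DSA,   USE_SIGN,    true,  false },
    { "ECDHE_ECDSA", PK_ECDSA, USE_SIGN,    true,  false },
};

/* Decide whether certificate c can back key exchange kx under the given policy. */
enum kx_status kx_check(const char *kx, const struct cert *c, bool require_pfs)
{
    const struct rule *r = rules, *end = rules + sizeof rules / sizeof rules[0];
    while (r < end && strcmp(kx, r->name) != 0) r++;
    if (r == end) return KX_UNKNOWN;
    if (r->weak) return KX_WEAK;                      /* export-grade: always refused */
    if (require_pfs && !r->pfs) return KX_NO_PFS;     /* no ephemeral (EC)DH */
    if (c->pk != r->pk) return KX_WRONG_KEY;          /* certificate holds another key type */
    return (c->usage & r->need) == r->need ? KX_OK : KX_BAD_USAGE;
}

/* Return the first offered key exchange the certificate can serve, or NULL. */
const char *kx_select(const char *const *kx, size_t n, const struct cert *c, bool pfs)
{
    for (size_t i = 0; i < n; i++)
        if (kx_check(kx[i], c, pfs) == KX_OK) return kx[i];
    return NULL;
}

int main(void)
{
    const char *offered[] = { "RSA_EXPORT", "RSA", "DHE_DSS", "ECDHE_RSA" };
    struct cert sign_only = { PK_RSA, USE_SIGN };     /* constructed sample certificate */
    const char *kx = kx_select(offered, 4, &sign_only, true);
    printf("selected: %s\n", kx ? kx : "(none)");
    return 0;
}
```

An RSA certificate limited to signing cannot serve plain RSA key exchange, and one limited to encryption cannot serve any of the forward-secret key exchanges.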